Tag: supply-chain
-
RECOPE, Costa Rica’s State-Owned Energy Provider, Grapples with Ransomware Attack and Fuel Supply Disruption
in SecurityNews
Refinadora Costarricense de Petróleo (RECOPE), the state-owned entity responsible for Costa Rica’s fuel supply chain, has been targeted by a ransomware attack, impacting operations and raising concerns about potential fuel... First seen on securityonline.info Jump to article: securityonline.info/recope-costa-ricas-state-owned-energy-provider-grapples-with-ransomware-attack-and-fuel-supply-disruption/
-
BlackBerry Highlights Rising Software Supply Chain Risks in Malaysia
in SecurityNews
Tags: access, ai, attack, breach, ceo, ciso, communications, compliance, cyber, cyberattack, cybersecurity, data, detection, espionage, finance, framework, government, infrastructure, intelligence, international, Internet, iot, malware, mobile, monitoring, phishing, ransomware, regulation, resilience, risk, skills, software, strategy, supply-chain, threat, tool, training, vulnerability
In 2024, BlackBerry unveiled new proprietary research, underscoring the vulnerability of software supply chains in Malaysia and around the world. According to the study, 79% of Malaysian organizations reported cyberattacks or vulnerabilities in their software supply chains during the past 12 months, slightly exceeding the global average of 76%. Alarmingly, 81% of respondents revealed they had…
-
Ransomware attacks on critical sectors ramped up in November
in SecurityNews
Supply chain software vendor Blue Yonder and energy management giant Schneider Electric SE experienced some of the most notable ransomware incidents in November. First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366616601/Ransomware-attacks-on-critical-sectors-ramped-up-in-November
-
Why identity security is your best companion for uncharted compliance challenges
in SecurityNews
Tags: access, ai, attack, authentication, automation, business, cloud, compliance, control, cyberattack, cybersecurity, data, detection, exploit, finance, framework, GDPR, governance, government, healthcare, HIPAA, identity, india, law, least-privilege, mitigation, monitoring, privacy, regulation, risk, risk-management, service, strategy, supply-chain, technology, threat, tool, zero-trust
In today’s rapidly evolving global regulatory landscape, new technologies, environments, and threats are heightening cybersecurity and data privacy concerns. In the last year, governing bodies have taken significant steps to enact stricter compliance measures, and more than ever, they are focusing on identity-related threats. Some notable changes include: The National Institute of Standards and Technology (NIST)…
-
Retail outages drag into second week after Blue Yonder ransomware attack
in SecurityNews
A ransomware attack on supply chain software giant Blue Yonder continues to cause disruption to the company’s customers, almost two weeks after the outage first began. In a brief update to its cybersecurity incident page on Sunday, Arizona-based Blue Yonder said it is making “good progress” in its recovery from the attack, which hit its…
-
2nd December Threat Intelligence Report
in SecurityNews
Supply chain software provider Blue Yonder was hit by a ransomware attack, disrupting services for clients like Starbucks and UK grocery chains Morrisons and Sainsbury’s. The incident affected operations such as employee […] First seen on research.checkpoint.com Jump to article: research.checkpoint.com/2024/2nd-december-threat-intelligence-report/
-
Working in critical infrastructure? Boost your effectiveness with these cybersecurity certifications
in SecurityNews
Tags: attack, automation, awareness, china, cisa, communications, compliance, control, cyber, cybersecurity, defense, finance, germany, governance, government, healthcare, HIPAA, incident response, infrastructure, international, jobs, network, PCI, privacy, ransomware, resilience, risk, risk-management, russia, sans, service, skills, soc, supply-chain, technology, training, ukraine, update, warfare
Hybrid warfare between nation-states is imperilling critical infrastructure around the world, both physically and electronically. Since the start of the Ukraine-Russia conflict, hybrid cyber/physical attacks on satellite and communications, energy, transportation, water, and other critical sectors have spread across Europe and beyond. Chinese perpetrators are actively infiltrating telecommunications networks in the US and abroad, according to…
-
Threat actors target AI/machine-learning models and software supply chains
in SecurityNews
The importance of the software supply chain will continue to grow this year and, in parallel, the threat landscape's complexity and intensity will also … First seen on infopoint-security.de Jump to article: www.infopoint-security.de/bedrohungsakteure-nehmen-ki-machine-learning-modelle-und-software-lieferketten-ins-visier/a36652/
-
JFrog Software Supply Chain Report shows that many critical CVSS scores are misleading
in SecurityNews
74 percent of the ratings of vulnerabilities with high or critical CVSS scores are misleading; nevertheless, 60 percent of security … spend … First seen on infopoint-security.de Jump to article: www.infopoint-security.de/jfrog-software-supply-chain-report-zeigt-dass-viele-kritische-cvss-scores-irrefuehrend-sind/a36964/
-
Logpoint comments on the XZ Utils vulnerability in the software supply chain
in SecurityNews
Overall, the incident underscores the need for increased attention to the security aspects of open-source software and the … First seen on infopoint-security.de Jump to article: www.infopoint-security.de/logpoint-kommentiert-xz-utils-sicherheitsluecke-in-der-software-supply-chain/a37025/
-
JFrog integrates GitHub and optimizes secure software supply chain management
in SecurityNews
As part of an ongoing initiative, both companies intend to set up a roadmap for continuous improvement to ensure that… First seen on infopoint-security.de Jump to article: www.infopoint-security.de/jfrog-integriert-github-und-optimiert-sicheres-software-supply-chain-management/a37534/
-
Discrepancies between executives and developers can jeopardize security
in SecurityNews
Security breaches in the software supply chain are increasing markedly, as shown by the latest IDC survey data, which … an astonishing rise in such… First seen on infopoint-security.de Jump to article: www.infopoint-security.de/diskrepanzen-zwischen-fuehrungskraefte-und-entwickler-koennen-die-sicherheit-gefaehrden/a37848/
-
JFrog and GitHub strengthen collaboration with Copilot Chat and software supply chain protection
in SecurityNews
The integration of JFrog into GitHub enables seamless and secure tracking of code from the source to the resulting binaries … First seen on infopoint-security.de Jump to article: www.infopoint-security.de/jfrog-und-github-staerken-zusammenarbeit-mit-copilot-chat-und-software-supply-chain-schutz/a38345/
-
An Overview of Software Supply Chain Security
in SecurityNews
First seen on tldrsec.com Jump to article: tldrsec.com/p/supply-chain-security-overview
-
Software Supply Chain Vendor Landscape
in SecurityNews
An analysis of over 20 supply chain security vendors, from securing source code access and CI/CD pipelines to SCA, malicious dependencies, container s… First seen on tldrsec.com Jump to article: tldrsec.com/p/software-supply-chain-vendor-landscape
-
3CX Supply Chain Attack ‘SmoothOperator’
in SecurityNews
Written by Anton Jörgensson, Eric Dodge & Yann Lehmann of the Kudelski Security Threat Detection & Research Team Updated on April 5th. We may … First seen on research.kudelskisecurity.com Jump to article: research.kudelskisecurity.com/2023/03/30/3cx-supply-chain-attack-smoothoperator/
-
Cl0p Ups the Ante with Massive MOVEit Transfer Supply-Chain Exploit
in SecurityNews
First seen on resecurity.com Jump to article: www.resecurity.com/blog/article/cl0p-ups-the-ante-with-massive-moveit-transfer-supply-chain-exploit
-
XML-RPC npm Library Turns Malicious, Steals Data, Deploys Crypto Miner
in SecurityNews
Cybersecurity researchers have discovered a software supply chain attack that has remained active for over a year on the npm package registry by starting off as an innocuous library and later adding malicious code to steal sensitive data and mine cryptocurrency on infected systems. The package, named @0xengine/xmlrpc, was originally published on October 2, 2023 as…
-
Starbucks, Supermarkets Targeted in Ransomware Attack
in SecurityNews
Blue Yonder, a prominent supply chain software provider, has been targeted in a ransomware attack, leading to disruption at major retail outlets. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/blue-yonder-ransomware-attack/
-
Blue Yonder Grapples with Ransomware Attack, Disrupting Global Supply Chains
in SecurityNews
Blue Yonder, a leading provider of AI-driven supply chain solutions, has been hit by a ransomware attack, impacting its managed services hosted environment. The incident, which occurred on November 21,... First seen on securityonline.info Jump to article: securityonline.info/blue-yonder-grapples-with-ransomware-attack-disrupting-global-supply-chains/
-
Cybersecurity Alert: MUT-8694 Supply Chain Attack Targets npm and PyPI Ecosystems
in SecurityNews
The open-source ecosystem has once again become the battleground for cybercriminals, as Datadog’s Security Research team uncovered a coordinated supply chain attack by an enigmatic threat actor designated MUT-8694. Leveraging... First seen on securityonline.info Jump to article: securityonline.info/cybersecurity-alert-mut-8694-supply-chain-attack-targets-npm-and-pypi-ecosystems/
-
Software firm Blue Yonder providing services to US and UK stores, including Starbucks, hit by ransomware attack
in SecurityNews
Blue Yonder, a supply chain software provider, suffered a ransomware attack, impacting operations for clients like Starbucks and grocery stores. A ransomware attack on Blue Yonder disrupted operations for several customers, including Starbucks and U.K. grocery chain Sainsbury. >>A ransomware attack has disrupted a third-party software system that Starbucks uses to track and manage its baristas’ schedules,…
-
Blue Yonder ransomware attack breaks systems at UK retailers
in SecurityNews
UK supermarkets continue to deal with the impact of a ransomware attack on the systems of supply chain software supplier Blue Yonder, which is disrupting multiple aspects of their businesses including deliveries and staff management. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366616406/Blue-Yonder-ransomware-attack-breaks-systems-at-UK-retailers
-
Starbucks, UK grocers impacted by ransomware attack on Blue Yonder
in SecurityNews
A ransomware attack on supply chain management software provider Blue Yonder has impacted global operations at various companies in the United States and United Kingdom, affecting major retailers such as Starbucks and several UK-based supermarket chains. Starbucks has reported difficulties in processing payroll and managing employee schedules due to the incident, telling the Wall Street…
-
Starbucks affected by ransomware attack on supply chain provider Blue Yonder
in SecurityNews
‘Hackers have managed to attack some of the world’s largest retail and coffee chains during one of the busiest weeks of the year. Thanksgiving is being celebrated in the US this week. This shows once again how an attack on a single company can provide access to an entire ecosystem, in this case at a time when […]…
-
UK, US retail giants hit by ongoing disruption after ransomware attack on supply chain firm
in SecurityNews
The Arizona-based firm said it has “no timeline” for restoration, following a cyberattack that caused disruption at companies around the world. First seen on techcrunch.com Jump to article: techcrunch.com/2024/11/26/major-uk-us-stores-face-ongoing-disruption-after-ransomware-attack-hits-supply-chain-giant-blue-yonder/
-
Ransomware Attack on Supply Chain Provider Causes Disruption
in SecurityNews
Blue Yonder Outage Causing Disruptions for Starbucks, Major Grocery Store Chains. Major grocery store chains, Starbucks and other large organizations are experiencing disruptions following a ransomware attack against supply chain management service provider Blue Yonder. The provider said it’s continuing to probe the attack and has no timeline for service restoration. First seen on govinfosecurity.com…
-
Supply Chain Ransomware Attack Hits Starbucks, UK Grocers
in SecurityNews
Coffee store giant Starbucks was among other organizations affected by a ransomware attack this month on cloud managed service provider Blue Yonder, a Panasonic subsidiary that has more than 3,000 customers. Two UK grocery chains also were impacted. First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/11/supply-chain-ransomware-attack-hits-starbucks-uk-grocers/